EMC » Cloud Tiering Appliance : Security Vulnerabilities, CVEs, CVSS score >= 6
CVE-2014-0644
Public exploit
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.
Max CVSS
7.8
EPSS Score
36.40%
Published
2014-04-17
Updated
2014-04-17
EMC Cloud Tiering Appliance (aka CTA, formerly FMA) 9.0 and earlier, and Cloud Tiering Appliance Virtual Edition (CTA/VE) 9.0 and earlier, allows remote attackers to obtain GUI administrative access by sending a crafted file during the authentication phase.
Max CVSS
6.8
EPSS Score
1.06%
Published
2012-08-29
Updated
2017-08-29
2 vulnerabilities found